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The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

• If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)^ Responsive to communication(s) filed on 13 December 2001 . 
2a)n This action is FINAL. 2b)l3 This action is non-final. 

3) n Since this application is in condition for allowance except for foanal nnatters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) S Claim(s) 1-17 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) n Claim(s) is/are allowed. 

6) S Claim(s) 1-17 is/are rejected. 
?)□ Claim(s) ^ is/are objected to. 

8) 0 Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) 13 The specification is objected to by the Examiner. 

10)13 The drawing(s) filed on 13 December 2001 is/are: a)n accepted or b)^ objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
11 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 1 1 9 

12)n Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (0. 
a)n All b)n Some * 0)0 None of: . 

1 .□ Certified copies of the priority documents have been received. 

2.n Certified copies of the priority documents have been received in Application No. . 



3.n Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 



Drawings 

1 . The drawings are objected to because tiiey include hand-drawn elements and 
hand-written labels. Corrected drawing sheets in compliance with 37 CFR 1.121(d) are 
required in reply to the Office action to avoid abandonment of the application. Any 
amended replacement drawing sheet should include all of the figures appearing on the 
immediate prior version of the sheet, even if only one figure is being amended. The 
figure or figure number of an amended drawing should not be labeled as "amended." If 
a drawing figure is to be canceled, the appropriate figure must be removed from the 
replacement sheet, and where necessary, the remaining figures must be renumbered 
and appropriate changes made to the brief description of the several views of the . 
drawings for consistency. Additional replacement sheets may be necessary to show the 
renumbering of the remaining figures. Each drawing sheet submitted after the filing date 
of an application must be labeled in the top margin as either "Replacement Sheet" or 
"New Sheet" pursuant to 37 CFR 1.121(d). If the changes are not accepted by the 
examiner, the applicant will be notified and informed of any required corrective action in 
the next Office action. The objection to the drawings will not be held in abeyance. 
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Specification 

2. The disclosure is objected to because of the following informalities: 

The specification appears to contain minor typographical and other errors. For 
example, on page 5, in paragraphs 001 1 and 0012, it appears that references to 
"identity certificate 204" are intended to refer instead to "identity certificate 202"; on 
page 6, line 4 of paragraph 001 5, it appears that "certSificate" is intended to read 
"certificate"; and on page 9, paragraph 0023, there is a reference to "the client 622", 
although reference numeral 622 indicates a certificate in Figure 6. 

Appropriate correction is required. Applicant's cooperation is requested in 
correcting any errors of which applicant may become aware in the specification. 

Claim Rejections - 35 USC § 101 

3. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of tiiis titie. 

4. Claims 9-17 are rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. 

Claims 9-14 are directed to a "machine-accessible medium" including a computer 
program for performing method steps. The term "machine-accessible medium" is broad 
enough to encompass, for example, a computer program written on paper. This is a 
computer program or data structure per se. Functional descriptive material such as a 
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computer program per se that is not embodied In a computer readable medium is not 
statutory subject matter. See MPEP § 2106 IV.B.I(a). 

Claims 15-17 are directed to a data signal including a digital certificate and a 
URI. This is data perse and is not tangibly embodied in a computer readable medium. 
Further, the claim elements solely recite a mere arrangement of data, which constitutes 
non-functional descriptive material, and is not statutory subject matter. See MPEP § 
2106 IV. B.I. 

6. To expedite a complete examination of the instant application, the claims 
rejected under 35 U.S.C. 1 01 above are further rejected as set forth below In 
anticipation of applicant amending these claims to place them within the statutory 
classes of invention. 

Claim Rejections - 35 USC § 112 

6. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shiall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

7. Claims 1-14 and 16 are rejected under 35 U.S.C. 1 12, second paragraph, as 
being indefinite for failing to particularly point out and distinctly claim the subject matter 
which applicant regards as the invention. 

Claim 1 recites the limitation "the first certificate" In lines 9-10. However, the 
claim also recites "at least one first certificate" In line 2. If there is more than one first 
certificate, it is unclear to which certificate "the first certificate" of lines 9-10 refers. This 
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renders the claim indefinite. Similarly, Claims 5-8 each recite the limitation "the first 
certificate"; the claims are indefinite by a similar rationale. For purposes of interpreting 
the prior art, "the first certificate" is assumed to refer to the at least one first certificate. 

Further in reference to Claim 1 , the limitation "providing, by the client to the third 
party, at least one second certificate" renders the claim indefinite. It is unclear what the 
purpose or use of the second certificate is, as the second certificate is not referred to in 
Claim 1 or any of its dependent claims aside from the provision of the second certificate. 

Further in reference to Claim 8, the limitation "revoking, by the client, the first 
certificate" renders the claim indefinite because it is unclear how the client can revoke 
the first certificate when the first certificate is provided by the authorizer. 

Claim 9 recites the limitation "the at least one first certificate" in line 5. There is 
insufficient antecedent basis for this limitation in the claim. For purposes of interpreting 
the prior art, it is assumed that this is intended to refer to the first certificate of line 3. 
Further, the claim recites the limitation "the machine" in line 2; there is insufficient 
antecedent basis for this limitation in the claim. 

Claim 12 recites the limitation "granting, by the authorizer, access to the third 
party". It is unclear whether "granting access to the third party" is to be read as the third 
party is allowed to access another party such as the authorizer, or as another party 
being allowed to access the third party. This renders the claim indefinite. For purposes 
of interpreting the prior art, the former interpretation is assumed. 
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Claim 16 recites the limitation "the second digital certificate grants less power 
than the first digital certificate". The phrase "grants less power" is generally vague and 
does not set forth a definite meaning for "less power*'. 

Claims not specifically referred to above are rejected due to their dependence on 
a rejected base claim. 

Claim Rejections - 35 USC § 102 

8. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

9. Claims 1-9 and 12-16 are rejected under 35 U.S.C. 102(e) as being anticipated 
by McGarvey, US Patent 6643774. 

In reference to Claim 1, McGarvey discloses a method including a client storing a 
first certificate from an authorizer, the client storing a URI associated with the first 
certificate and a third party, the client providing a certificate and the URI to the third 
party (see column 12, lines 22-26), and the client providing the first certificate to the 
authorizer upon the authorizer accessing the URI, in which the client retains control over 
the third party's use of the first certificate (see Figures 3 and 8, where the client 300 
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corresponds to the client of the present claim, the server 310 corresponds to the third 
party of the present claim, and private key system 330 corresponds to the authorizer of 
the present claim; see also column 1 1 , line 37-column 12, line 11). 

In reference to Claims 2 and 3, McGarvey further discloses providing a short- 
term use certificate to the third party (column 12, lines 30-35). 

In reference to Claim 4, McGarvey further discloses authenticating the authorizer 
upon accessing the URI (column 1 1 , lines 60-61 ). 

In reference to Claims 5 and 6, McGarvey further discloses limiting and tracking 
the third party's use of the first certificate (column 8, lines 8-13). 

In reference to Claim 7, McGarvey further discloses that the contents of the first 
certificate are not revealed to the third party (see column 1 1 , lines 42-46). 

In reference to Claim 8, McGarvey further discloses that the first certificate can 
be revoked (see column 12, lines 30-36). 

In reference to Claim 9, McGarvey discloses a computer-implemented method 
including a client receiving a first certificate from an authorize, the client generating a 
URI associated with the first certificate and a third party, the client providing a second 
certificate and the URI to the third party (see column 12, lines 22-26), and the client 
providing the first certificate to the authorizer upon the authorizer accessing the URI 
after the third party has provided the second certificate and URI to the authorizer (see 
Figures 3 and 8, where the client 300 corresponds to the client of the present claim, the 
server 310 corresponds to the third party of the present claim, and private key system 



Application/Control Number: 10/022,592 Page 8 

Art Unit: 2137 

330 corresponds to the authorizer of the present claim; see also column 1 1 , line 37- 
column 12, line 11). 

In reference to Claim 12, McGarvey further discloses that the third party is 
granted access to the authorizer (column 8, lines 4-19). 

In reference to Claim 13, McGarvey further discloses tracking a use of the 
second certificate (column 8, lines 8-1 3). 

In reference to Claim 14, McGarvey further discloses that the second certificate 
can be revoked (column 8, lines 10-13; column 12, lines 30-36). 

In reference to Claims 15 and 16, McGarvey discloses a second digital certificate 
issued from a client to a third party (see Figures 3 and 8, where the client 300 
corresponds to the client of the present claim, the server 310 corresponds to the third 
party of the present claim, and private key system 330 corresponds to the authorizer of 
the present claim; see also column 11, line 37-column 12, line 11) and a URI capable of 
retrieving a first digital certificate from a database associated with the client (see column 
12, lines 22-26). 

Claim Rejections - 35 USC § 103 

1 0. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
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invention was made to a person having ordinary skill in tlie art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

1 1 . Claim 10 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
McGarvey in view of Eastlake at al, "XML-Signature Syntax and Processing". 

McGarvey discloses everything as applied above to Claim 9. However, 
McGarvey does not explicitly disclose the use of XML signatures. Eastlake discloses 
that XML signatures can be used to apply digital signatures to the content of resources 
that may be external to the signature itself (page 4, section 1.0, "Introduction"). 
Therefore, it would have been obvious to one of ordinary skill in the art at the time the 
invention was made to modify the system of McGarvey to include the use of XML 
signatures, in order to provide integrity and message or signer authentication (see 
Eastlake, page 1 , Abstract). 

12. Claims 1 1 and 17 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over McGarvey in view of Ellison et al, "SPKI Certificate Theory". 

In reference to Claim 1 1 , McGarvey discloses everything as applied above to 
Claim 9. In reference to Claim 17, McGarvey discloses everything as applied above to 
Claim 15. However, McGarvey does not explicitly disclose the use of SPKI certificates. 
Ellison et al disclose that authorization certificates can be used to delegate 
authorizations (page 14, section 4, "Delegation") and that SPKI certificates can be used 
to define an authorization certificate (page 13, section 3.3, "SPKI Certificates"). 
Therefore, it would have been obvious to one of ordinary skill in the art at the time the 
invention was made to modify the systems of McGarvey to include the use of SPKI 
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certificates, in order to allow for authorizations to be delegated without needing to 
involve the owner of the resource concerned (see Ellison, page 14, section 4). 

Conclusion 



13. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

a. Lipkin et al, US Patent 61 38235, discloses a method for controlling access 
to services using a chain of certificates delegating authorization. 

b. Davis et al, US Patent 6367009, discloses a system for delegating 
authorization and authentication using certificates. 

c. Corella, US Patent 6763459, discloses a system using short term SPKI 
authorization certificates. 

d. Wray, UK Patent Application GB 2357225, discloses certificates for 
delegation using SPKI certificates. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Zachary A. Davis whose telephone number is (571 ) 272- 
3870. The examiner can normally be reached on weekdays 8:30-6:00, alternate 
Fridays off. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on (571) 272-3865. The fax phone 
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number for the organization where this application or proceeding is assigned is 703- 

872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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